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DETAILED ACTION 

For the means plus function language in the claims, the Examiner is not invoking 35 U.S.C. § 
112, sixth paragraph. 

Priority 

1. Acknowledgment is made of applicant's claim for continuation based on an application 
filed on Mar. 15, 2002. It is noted, however, that applicant has not filed a certified copy of the 
PCT/IE02/00030 application as required by 35 U.S.C. 1 19(b). 

Claim Rejections - 35 USC §112 

2. The following is a quotation of the second paragraph of 35 U. S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

3. Claim 1 is rejected under 35 U.S.C. 1 12, second paragraph, as being indefinite for failing 
to particularly point out and distinctly claim the subject matter which applicant regards as the 
invention. The term "determining" is vague and indefinitely because the Examiner cannot fully 
understand how the applicant intends on determining the applicable authority state. 

4. Claim 19 is rejected under 35 U.S.C. 1 12, second paragraph, as being indefinite for 
failing to particularly point out and distinctly claim the subject matter which applicant regards as 
the invention. The term "don't care" is vague and indefinite because "don't care" can mean 
different things to various people. 

5. Claim 20 is rejected under 35 U.S.C. 1 12, second paragraph, as being indefinite for 
failing to particularly point out and distinctly claim the subject matter which applicant regards as 
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the invention. The phrase "over-riding enabled flags" is vague and indefinite because this can be 
done many different ways when given it's broadest reasonable interpretation. 
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Claim Rejections - 35 USC §102 

6. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

7. Claims 1-4, 11-12 and 22 are rejected under 35 U.S.C. 102(b) as being anticipated by 
Saito (U.S. Patent No. 5,974,141). 

8. As per claim 1, Saito teaches a transaction authorisation system comprising means for 
authorising a transaction according to stored conditions (abstract, lines 2-3; Examiner is 
interpreting the public key and secret key and being stored and used for authorisation; Examiner 
is defining "transaction" as a communication involving two or more entities that affects all those 
involved; personal interaction as defined by The American Heritage Dictionary) and for 
interfacing with a transaction system (abstract, lines 1-2 and 6-10; Examiner is interpreting the 
fact that data is being transferred as having evidence of interfacing between a transaction 
system), wherein 

■ the authorisation system (2) comprises an authorisation model (4) having a plurality 
of authority states (10) defining a plurality of required signatories (col. 3, lines 34- 
35; col. 5, lines 23-31) for authorisation of a proposed transaction (col. 3, lines 1-27); 

■ the system (2) comprises means for allowing online user definition (abstract, lines 1- 
2; Examiner is interpreting the means as a computer with an interface) and updating of 
the model (4) using user client systems (Figs. 1A-D, abstract, lines 15-17; Examiner is 
interpreting updating equivalent to allowing the user to edit the data); 
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■ the system comprises means (3) for receiving a request for a proposed transaction 
(abstract, lines 1-2), for determining an applicable authority state (10)(col. 21, lines 
28-38), and for authorising the proposed transaction when sufficient signatory 
approvals have been received to satisfy the authority state (col. 25, lines 36-41). 

9. As per claim 2, Saito teaches the transaction authorisation system of claim 1 as described 
above. Saito further teaches wherein at least some authority states comprises a signatory 
group (21) of signatory nodes (24), whereby all signatories of the group must approve (col. 
3, lines 1-18; col. 5, lines 28-30). 

10. As per claim 3, Saito teaches the transaction authorisation system of claim 1 as described 
above. Saito further teaches wherein at least some authority states (10) comprise a signatory 
set (30) of signatory nodes (31), whereby any one signatory of the set must approve (col. 3, 
lines 1-18; col. 5, lines 28-30). 

11. As per claim 4, Saito teaches the transaction authorisation system of claim 2 as described 
above. Saito further teaches wherein at least some authority states (10) comprise a complex 
hierarchical structure of groups and sub-groups, the structure comprising at least three 
hierarchical levels (col. 3, lines 1-18; col. 5, lines 28-30). 

12. As per claim 1 1, Saito teaches the transaction authorisation system of claim 1 as 
described above. Saito does further teach wherein the system (2) further comprises means for 
downloading a wizard program (55) via an encrypted connection to a user client system (1) 
(col. 4, lines 37-42), the wizard program (55) being for guiding a user through a process of 
defining the control model (4) (col. 18, lines 30-43; Examiner is interpreting the agent-oriented 
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software as the wizard program due to the explanation of "The agent-oriented software, unlike 
the conventional one, is a program having autonomy, flexibility and cooperativeness, which is 
able to meet a user's request with its characteristics of autonomy, flexibility and cooperativeness 
in accordance with only a general instruction of the user without specifically giving every 
operation instruction to the software"). 

13. As per claim 12, Saito teaches the transaction authorisation system of claim 1 as 
described above. Saito further teaches wherein the system (2) comprises an online server (3)(col, 
3, lines 44-45; col. 2, lines 65-67) for user access, said server comprising: 

■ a web channel (60, 61) for user control model definition (Fig. 1 A and Fig 12 A); 

■ a channel manager (70, 71, 72) for real time transaction execution (col. 1, lines 45- 
55). 

14. As per claim 22, Saito does teach the computer program product comprising software 
code for performing authorisation operations of an authorisation system of claim 1 when 
executing on a digital computer (abstract, lines 1-2). 
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Claim Rejections - 35 USC §103 

15. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the. invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

16. Claims 5-10 are rejected under 35 U.S.C. 103(a) as being unpatentable over Saito in view 
of Langhans et al. (U.S. Patent No. 5,621, 20 l)[hereinafter Langhans]. 

17. As per claim 5, Saito teaches the transaction authorisation system of claim 3 as described 
above. Saito does not further teach wherein at least some authority states (10) comprise a 
hierarchical structure of sets and sub-sets. 

However, Langhans does teach wherein at least some authority states (10) comprise a 
hierarchical structure of sets and sub-sets (Fig. 4). 

Therefore, it would have been prima facie obvious to one of ordinary skill in the art at the 
time of the invention to combine sets and sub-sets into the authorization hierarchy with 
Reference A for the useful purpose of applying different authorization tests for each position in a 
hierarchy, with a particular position being required to pass not only its own test, but the test of 
elements higher in the hierarchical tree, as taught by Langhans (abstract, lines 10-14). 

18. As per claim 6, Saito teaches a transaction authorisation system of claim 1 as described 
above. Saito does not further teach wherein each authority state (10) *s associated with a 
transaction type as defined by conditions (11). 
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However, Langhans does teach wherein each authority state (10) f s associated with a 
transaction type as defined by conditions (11) (col 13, lines 32-40; Examiner is interpreting 
the "merchant code" as the conditions defined by the transaction; Examiner is also interpreting 
this as being associated with the authority state due to it being transferred to a "diversion 
account" where it will be authorized differently). 

Therefore, it would have been prima facie obvious to one of ordinary skill in the art at the 
time of the invention to combine wherein each authority state (10) f s associated with a 
transaction type as defined by conditions for the useful purpose of selecting which types of 
transaction should be directed to a diversion account, as taught by Langhans (col. 13, lines 36- 
38). 

19. As per claim 7, Saito and Langhans teach the transaction authorisation system of claim 6 
as described above. Saito further teaches wherein the system (2) comprises a template update 
interface comprising means for allowing users to update and define the conditions using a 
graphical display (Fig. 1C-D; col. 3, lines 44-59; col. 7, lines 34-43). 

20. As per claim 8, Saito and Langhans teach the transaction authorisation system of claim 7 
as described above. Saito does not further teach wherein said interface (30) comprising means 
for allowing users to define the authority states (10) using a graphical display. 

Langhans does teach wherein said interface (30) comprising means for allowing users 
to define the authority states (10) using a graphical display (col. 10, lines 32-37). 

Therefore, it would have been prima facie obvious to one of ordinary skill in the art at the 
time of the invention to combine the updating of authority states with Reference A, for the useful 
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purpose of reflecting changed conditions caused by reorganizations, acquisitions, sales, etc., as 
taught by Langhans (col. 10, lines 33-34). 

21 . As per claim 9, Saito and Langhans teach the transaction authorisation system of claim 7 
as described above. Saito does teach wherein the system (2) comprises means for storing a 
user-defined template for each associations of conditions (11) and authority state (10), for 
determining (42) a relevant template for a proposed transaction if parameters of the 
proposed transaction satisfy the conditions (col. 4, lines 25-36; Examiner is interpreting the 
storing of the original data and the editing scenario, and further the user label, the original data 
label and the edit label as storing the "user-defined template" which is inherently associated with 
the conditions and authority state. The fact that any label (or template) was chosen for use by the 
user is a means of determining a relevant template), and for retrieving an authority state (10) 
associated with the template (29) (col. 5, lines 23-31; Examiner is interpreting the fact that the 
data management system knows if the template has been edited or not, and provides different 
certifiers for each, that the data management system retrieves an authority state from the label (or 
template)). 

22. As per claim 10, Saito teaches the transaction authorisation system of claim 1 as 
described above. Saito does not further teach wherein the system comprises means for 
transmitting (49) a notification to all signatories of a selected authority state (10), and for 
dynamically monitoring (50) received responses to determine if the authority state is 
satisfied. 

Langhans does teach wherein the system comprises means for transmitting (49) a 
notification to all signatories of a selected authority state (10) (col. 2, lines 1-1 1), and for 
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dynamically monitoring (50) received responses to determine if the authority state is 
satisfied (Fig. 9; col. 6-7, lines 45-67 and lines 1-16). 

Therefore, it would have been prima facie obvious to one of ordinary skill in the art to 
combine a means for transmitting an authorization response and a test in order to determine if the 
authority state is satisfied, with Reference A, for the useful purpose of making sure the 
authorization test gets to each level of the hierarchy as shown in Fig. 4, taught by Langhans. 

23. Claims 13-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over Saito in 
view of Ginter et al. (U.S. Patent No. 5,949,876)[hereinafter Ginter]. 

24. As per claim 13, Saito teaches the transaction authorisation system of claim 12 as 
described above. Saito does not further teach, wherein the web channel comprises an account 
list filter (61) comprising means for building a list of allowable funding accounts associated 
with a user. 

However, Ginter does teach wherein the web channel comprises an account list filter 
(61) comprising means for building a list of allowable funding accounts associated with a 
user (col. 36, lines 24-44). 

Therefore, it would have been prima facie obvious to one of ordinary skill in the art at the 
time of the invention to combine the building of a list of allowable funding accounts associated 
with a user, with Reference A for the useful purpose of supporting electronic currency, billing, 
payment and credit related activities, as taught by Ginter (col. 36, lines 29-3 1). 
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25. As per claim 14, Saito teaches the transaction authorisation system of claim 12 as 
described above. Saito does not further teach wherein the web channel further comprises a 
transaction type filter (60) comprising means for building a list of allowable transaction 
types associated with a user. 

However, Ginter does teach wherein the web channel further comprises a transaction 
type filter (60) comprising means for building a list of allowable transaction types 
associated with a user (col. 36, lines 30-35; Examiner is interpreting this as a means for 
generating an allowable list; col. 15, lines 6-30). 

Therefore, it would have been prima facie obvious to one of ordinary skill in the art at the 
time of the invention to combine the generation of a list after the privacy filtering of various 
types of transactions with Reference A for the useful purpose of augmenting configurability, 
portability, and security of the VDE environment, as taught by Ginter (col. 15, lines 30-33) 

26. As per claim 15, Saito teaches the transaction authorisation system of claim 12 as 
described above. Saito does not further teach wherein the channel manager comprises an 
authorisation data manager (71) comprising means for building look-up tables within 
objects by querying a rule database. 

Ginter does teach wherein the channel manager comprises an authorisation data 
manager (71) comprising means for building look-up tables within objects by querying a 
rule database (col. 116, lines 1-19). 
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Therefore, it would have been prima facie obvious to one of ordinary skill in the art at the 
time of the invention to combine the building of look-up tables within objects by querying a rule 
database, with Reference A, for the useful purpose of linking or binding the elements into a 
single cohesive executable so the load module can reference data structures and any other load 
module in the component assembly, as taught by Ginter (col. 116, lines 14-17). 

27. As per claim 16, Saito and Ginter teach the transaction authorisation system of claim 15 
as described above. Saito does teach wherein the authorisation data manager (71) comprises 
means for building said objects at the start of a user session and for storing said objects for 
processing of request by the user (col. 7, lines 34-43). Saito does not teach wherein the said 
objects are stored temporarily or "cached" for processing of request by the user. 

Ginter does teach the method of caching data (col. 71, lines 38-44). 

Therefore, it would have been prima facie obvious to one of ordinary skill in the art at the 
time of the invention to combine the method of caching data with the authorization data manager 
for the useful purpose of significantly improving access times to information stored externally to 
an SPU, as taught by Ginter (col. 71, lines 45-48). 

28. As per claim 17, Saito and Ginter teach the transaction authorisation system of claim 15 
as described above. Saito does not teach wherein the channel manager comprises an 
authorisation rule engine (70) comprising means for querying the authorisation data 
manager (71) to check if a proposed transaction meets transaction conditions, and for 
managing notification of signatures specified in the relevant authority state. 
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Ginter does teach wherein the channel manager comprises an authorisation rule 
engine (70) comprising means for querying the authorisation data manager (71) to check if 
a proposed transaction (col. 116, lines 1-7) meets transaction conditions (col. 116, lines 10- 
14; Examiner is interpreting the fact that if the data is properly decrypted, that it meets the 
conditions of the transaction), and for managing notification of signatures specified in the 
relevant authority state (col. 1 16, lines 7-13; col. 147, lines 34-47; Examiner is interpreting the 
fact that each piece of data is combined with a permission record, that when this data is in the 
process of being extracted, it must go through the relevant authority to ensure proper permission 
is granted). 

Therefore, it would have been prima facie obvious to one of ordinary skill in the art at the 
time of the invention to combine the channel manager's use of authorization as stated above with 
Reference A, for the useful purpose of controlling how access and/or manipulation permissions 
are distributed and/or how content and/or other information may be used, as taught by Ginter 
(col. 147, lines 43-45). 

29. As per claim 18, Saito and Ginter teach the transaction authorisation system of claim 17 
as described above. Saito does further teach, wherein the system further comprises a role 
manager (72) comprising means for: authenticating a user to determine a user identifier (col. 
21, lines 28-38). However, Saito does not teach using the identifier to determine a plurality 
of roles associated with the user, said roles containing access level permission values; 
building a role object comprising a combination of all of said role permission values; and 
using said role object to control user access to the system during a session. 
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Ginter does further teach wherein the system further comprises a role manager (72) 
comprising means for: using the identifier to determine a plurality of roles associated with 
the user (Fig. 5B - Permissions Record 808; Examiner is interpreting the identifier to be any of 
the user information provided), said roles containing access level permission values (Fig. 5B; 
col. 59, lines 5-10); building a role object comprising a combination of all of said role 
permission values (Fig. 5 A - Content Container); and using said role object to control user 
access to the system during a session (col. 59, lines 5-10). 

Therefore, it would have been prima facie obvious to one of ordinary skill in the art at the 
time of the invention to combine permission values associated with a user to control user access 
with Reference A, for the useful purpose of protecting security related information, as taught by 
Ginter (col. 59, lines 8-10). 

30. As per claim 19, Saito and Ginter teach the transaction authorisation system of claim 18 
as described above. Saito does not further teach wherein said permissions comprise "enabled", 
"excluded", and "don't care" flags for a user for an access level. 

Ginter does teach the concept of validation flagging (col. 215, lines 8-45; Examiner is 
interpreting the various types of flags - enabled, excluded, and don't care - as nonfunctional 
descriptive material and will not be given any patentable weight). 

Therfore, it would have been prima facie obvious to one of ordinary skill in the art to 
combine the use of validation flags with Reference A, for the useful purpose of supporting the 
secure storage of important component assembly and related information on secondary storage 
memory, as taught by Ginter (col. 215, lines 7-10). 
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31. As per claim 20, Saito and Ginter teach the transaction authorisation system of claim 19 
as described above. Saito does not further teach, wherein the role manager comprises means 
for combining the permission values with an excluded flag over-riding enabled flags. 

Ginter does teach a correlation flag that combines permission values with a flag (col. 215, 
lines 46-53; Examiner is interpreting "over-riding enabled flags" as nonfunctional descriptive 
material because it does not add any patentable weight to the claimed invention). 

Therefore, it would have been prima facie obvious to one of ordinary skill in the art at the 
time of the invention to combine the combining of permission values with flags with Reference 
A, for the useful purpose of allowing the creator to produce permission records that reference the 
budget owner's budget, as taught by Ginter (col. 215, lines 50-53). 
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Examiner Note 

32. Examiner has cited particular columns and line numbers in the references as applied to 
the claims above for the convenience of the applicant. Although the specified citations are 
representative of the teachings in the art and are applied to the specific limitations within the 
individual claim, other passages and figures may be applied as well. It is respectfully requested 
from the applicant, in preparing responses, to fully consider the reference in its entirety as 
potentially teaching all of part of the claimed invention as well as the context of the passage as 
taught by the prior art or disclosed by the examiner. 
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Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Peter L. Ludwig whose telephone number is 571-270-1365. The 
examiner can normally be reached on Mon-Fri 7:30-5:00, 1st Fri. Off, 2nd Fri. 7:30-4:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Andrew Fischer can be reached on 571-272-6779. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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